CVE-2017-14730

Published Sep 25, 2017

Last updated 5 years ago

CVSS high 7.8

Overview

Description: The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-732

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8102CDF3-E87D-47C5-AF0D-C80377F17BBC"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACC605F4-F54D-4CCE-871B-9ED65690A649"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE359E34-6382-4CA6-8007-44E30AA2A37D"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FE9BC9A-9560-4102-BA7A-35483A5EC291"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F805018-CE98-454F-AE85-4839245B8737"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FDBB24F-AB33-4601-B8F8-98A59B87A560"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56110525-4479-4893-8173-4940FB9EAFEE"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF433D16-F557-4C1D-B153-C2C2B92EC89C"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2764E7D4-6413-468B-BE09-A98AA62CADF7"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63588DEF-1628-4690-B7E0-F854D7C361D1"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F60E8A3-5BCE-4CD0-B0A8-866489ECC818"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F26DDE0B-FD14-49EA-AEE7-EBDA8B36AB1C"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF8C407A-9BEF-4291-A025-73B68D03AF2F"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8356D01-2F43-4003-8ACD-4CB4B76E48A1"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90D238B6-8065-4392-A343-D0215D514A03"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C455913E-FA72-4422-8B6B-83E5ECC1F5FC"
          },
          {
            "criteria": "cpe:2.3:a:elasticsearch:logstash:5.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "617C493C-F643-4962-A0E3-7D6B5DC9FDE9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "92121D8A-529E-454A-BC8D-B6E0017E615D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References